Bite-sized GDPR

What is GDPR? Here’s a simple guide to get you started

If like, most people, you’ve tried to read up on GDPR but glazed-over before you completed the first paragraph, here’s a more digestible offering!

To break you in with a light snack, we’ve prepared a succinct account of what is GDPR, when will it happen, why, how and where, without the jargon.

What is GDPR?

GDPR stands for General Data Protection Regulation. It’s new legislation that’s been introduced by the European Union (EU) to protect the personal data of EU citizens. It will affect any business holding data on EU citizens, regardless of where they’re located in the world.

As so many of the big tech companies are US based, this new law is having repercussions on a global market. Undoubtedly, the legislation is primarily aimed at the tech giants like Google, Facebook and Amazon, but it will also have an impact on small businesses.

When does GDPR take effect?

GDPR comes into force on 25th May 2018. From this date you’ll need to be compliant with the new legislation.

Why has GDPR been introduced?

It’s long been recognised that previous data protection legislation was out-dated. Advancements in technology have meant the need to re-examine how our personal data is stored and used in today’s interactive society.

GDPR emphasises that any personal data belongs to the individual and they have the right to say how it is used. The EU is the first geographic region to look to protect its citizens data so it’s likely others will follow suit.

How do I comply with GDPR?

One of the main requirements of compliance is for businesses to store the data of any EU citizens within the EU. This means you’ll need to ensure any systems you use are compliant e.g. your CRM, HR and marketing systems.

If you’re using spreadsheets or a paper-based system now’s the time to get started with CRM! Tech developments

mean CRMs are simple to use and very affordable, and in some cases they’re free! A GDPR compliant CRM system will help you with your own compliance. But be wary, many of the big names in CRM (e.g. Salesforce, Microsoft Dynamics and Hubspot) are based in the US so they may not be compliant.

GDPR for Marketing

The other sticking point is the need for your contacts to give permission for you to send any digital marketing communications. The new legislation specifies that “explicit consent” be given before you can send marketing emails, SMS or make telephone calls. This means any new leads or existing contacts need to positively opt-in to receive your messages. It means you can no longer use pre-ticked sign-up boxes on your website; so it has to be an unticked box that explains what will happen if they do tick.

Where does GDPR apply?

As I mentioned above, GDPR has global impact as it affects any business that is storing the data of any EU citizens. It doesn’t matter if your business is not in the EU; if you have contacts in the EU then you will need to comply.

What if I don’t comply?

If you don’t comply you run the risk of being on the receiving end of some hefty fines The maximum fine is €20 million or up to 4% of global revenues, whichever is higher.

However, the pragmatic approach suggests there probably isn’t too much to fear for small businesses, yet compliance also brings opportunities. Making your business GDPR compliant will give you an advantage over your competitors and a promotional plus.

Although gaining marketing consent from your contacts might mean a reduced mailing list, there may be benefits in targeting customers that are more engaged with your product or service.

Ready for the banquet?

Hopefully, this has given you a taste of what’s coming and, after a brief digestion, you’ll be ready to gorge yourself on a bigger helping of GDPR!